On Tue, 18 Mar 2003, Dag-Erling [iso-8859-1] Smørgrav wrote: > Julian Elischer <[EMAIL PROTECTED]> writes: > > So, the fix would be to go back to an old version of ssh? > > Yes, but you'd have to go back to a version with known remotely > exploitable vulnerabilities. > > Since this is a problem for you and your customers, I will look into > getting password changing to work, at least for PAM authentication, > when I import 3.6 (which should be out in a few weeks).
Ok so we'll have to miss 4.8. Does making it work for PAM allow it to work for ssh? That's where they are worried the most. > > DES > -- > Dag-Erling Smørgrav - [EMAIL PROTECTED] THANKS! The banks are all getting paranoid at the though of an organised break-in attempt from "unfriendly" sources and it trickles down to us.. The other thing they are on about is "3 tries and you are out" password lockouts. /usr/src/contrib/libpam/modules/pam_tally.c is what they want. We're trying to 'resurect' it and see if it still works with 4.8. is there a similar file for the new PAM code? (or another way of doing it?) Are old and new PAM modules in any way compatible? If we wrote one that ran on 4.x would we be able to continue to run int (even with a recompile) when we switch to 5.3? > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
